Feature Request: OAuth2 authentication for BTP ABAP Environment

[ChMueller001]

Context

BTP ABAP Environment's abap-web domain does not support Basic Auth — it's a pure OAuth web router that redirects to IAS/XSUAA for authentication. Currently, the only working auth method is --browser-auth with cookie persistence (--cookie-save / --cookie-file), which works but requires manual re-authentication when cookies expire.

Environment

• VSP v2.38.1 (Windows amd64)
• SAP System: BTP ABAP Environment (eu10)
• Domain: abap-web.eu10.hana.ondemand.com
• IAS tenant: corporate IAS with SAML
• MCP Client: Claude Code

Current workaround

vsp --browser-auth --cookie-save cookies.txt
# Ctrl+C after cookie extraction
# Then use --cookie-file for subsequent calls

This works thanks to the fixes in #90 and #88, but requires periodic manual browser login.

Proposed feature

Support OAuth2 Client Credentials or Authorization Code flow for BTP ABAP Environment, using a BTP Service Key (client_id, client_secret, token_url) for unattended authentication. Something like:

vsp --oauth-client-id <id> --oauth-client-secret <secret> --oauth-token-url <url>

Or via .env / .vsp.json:

{
  "url": "https://xxx.abap-web.eu10.hana.ondemand.com",
  "auth": "oauth",
  "oauth_client_id": "...",
  "oauth_client_secret": "...",
  "oauth_token_url": "https://tenant.authentication.eu10.hana.ondemand.com/oauth/token"
}

This would enable fully unattended MCP server operation without cookie expiration issues.

Related issues

• BTP ABAP Environment: Authentication fails (401) despite valid Basic Auth credentials on abap-web domain #90 (BTP auth redirect fix)
• ExceptionResourceInvalidLockHandle, EditSource, WriteSource, CloneObject, ImportFromFile .. #88 (stateful session fix)